iOS 13 flaw exposes all your contacts data

By

Find My Friends
Keep your iPhone close by.
Photo: Ed Hardy/Cult of Mac

A newly-discovered flaw in iOS 13 lets anyone access your contacts without your passcode.

It takes just a few simple steps to bypass your iPhone’s lockscreen and see every phone number, email address, and physical address you have saved. But a fix is already on the way.

The issue, discovered by Jose Rodriguez, is similar to another found last year (also by Rodriguez) in iOS 12.1. It lets anyone bypass the lockscreen on your iPhone using the built-in VoiceOver feature.

The flaw provides access to all of your contacts — and every piece of information you have saved for them.

See it in action

The short video below demonstrates the exploit on an iPhone X running iOS 13 GM, which Apple plans to roll out to everyone on Thursday, September 19.

The good news is that the iOS 13 flaw does not allow access to your photos and videos, messages, or any other data on your device. It also requires access to your iPhone, which greatly reduces the risk.

Nevertheless, it is a someone serious flaw since it exposes sensitive information. Fortunately, a fix is already on the way.

Fixed in iOS 13.1

The iOS 13.1 update, already available to registered developers, eliminates the issue, Rodriguez says. Apple plans to release this to everyone on September 30.

If you’re greatly concerned about this issue, then, you could just stick with iOS 12 until iOS 13.1 rolls out at the end of this month. But it’s unlikely many will be affected by the flaw.

[